The Information Security Office (ISO) offers both campus-wide and departmental vulnerability scanning to detect systems which may be vulnerable to attack.
Campus-wide: ISO continuously scans the campus network for security vulnerabilities on connected devices. We use a number of scanners using Tenable Nessus, along with Tenable's Professional Feed of network vulnerability "plugins", to detect systems which may be vulnerable to attack. When detected, high-risk vulnerabilities are reported to designated security contacts for investigation and remediation. Vulnerabilities may include:
- Missing patches and updates;
- Misconfigurations allowing unintentional data exposure;
- Weak and default system passwords;
- Unsupported operating systems and software;
- Insecure and unnecessary network services.
Departmental: In addition to our campus-wide network vulnerability scanning service, ISO offers the use of our scanning tools to campus departmental IT staff for proactive discovery of vulnerabilities on the systems they support. We offer local departmental IT staff:
- An account on our Nessus server and access to a web UI to configure and launch scans;
- Access to perform custom, on-demand scans of your department's network devices; and,
- A regularly scheduled full vulnerability scan with results sent as an encrypted ZIP via email.